Role-Based Database Security (RBDS) Design

By



[Department or University Name]

ACKNOWLEDGEMENT

I would like to thank my family, especially my good kids Nouf and Fares my lovely wife Mshale and my brother Abu Nawaf for their support shown not only during the time for this project but for the whole time I was doing my MSc. I would also like to thank my supervisor Mr Ades Yasser for strong support given from the start of this difficult project to the end.

DECLARATION

I, [type your full first names and surname here], declare that the contents of this dissertation/thesis represent my own unaided work, and that the dissertation/thesis has not previously been submitted for academic examination towards any qualification. Furthermore, it represents my own opinions and not necessarily those of the University.

Signed __________________ Date _________________

ABSTRACT

Database security is an important feature in any database system. There are various types of security from physical security to logical security. This report is dealing with logical security specifically in authorization security and not authentication. Role Based Access Control (RBAC) proved to be a very useful access control security mechanisms for computer systems, computer applications and database systems alike. RBAC model contains both Discretionary Access Control (DAC) and Mandatory Access Control (MAC) models. Existing models prior to RBAC were based on DAC and MAC models and they were widely used by various computer applications but since evolutions of computer software there was a need to have a more flexible and wider model, and that is where RBAC comes in. Role Based Access Control through the use of users, role(s), permission and objects, can be used also in database systems especially Relational Database Management Systems (RDBMS).

Role Based Database Security (RBDS) design was based on the concept of RBAC since it uses users, roles, permissions and objects, but in this case objects are database objects (unlike RBAC where objects can be any resource example a web page). Database objects like tables, views, packages and even schemas, have a limited number of actions which can used, and these actions are called privileges. Privileges like select, insert and grant can be applied to the database object table and this defines the way permission (privileges) are to be applied to database objects in RBDS. RDBS was designed to include a mechanism for users to be able to have multiple roles (since in real world users have multiple roles) and roles to have multiple privileges or permissions. This model allows for greater flexibility since granting or revoking of privileges is done to the roles, and users can be added or removed to the roles as required. The case study was used to explain the designing process, the definition of users, roles, tasks, functions, operations, objects, permission and privilege was done guided by the case study and the RBDS model was implemented in MySQL and tested.

MySQL have user-level access control security mechanism but it is not entirely based on RBAC since user are granted privileges directly and Microsoft Office Access 2007 does not support user-level access security ...